
Charliemopps writes "For 20 years the password for the U.S. nuclear arsenal was '00000000.' Kennedy instituted a security system on all nuclear warheads to prevent them from being armed by someone unauthorized. It was called PAL, and promised to secure the entire US arsenal around the world. Unfortunately for Kennedy (and I guess, the whole world) U.S. military leadership was more concerned about delaying a launch than securing Armageddon. They technically obeyed the order but then set the password to 8 Zeros, or '00000000'."

The generals using 00000000 was not dumb at all. The civilian leadership demanded that they create a launch code to take control away from the generals and make sure that nobody could go rogue (Jack D. Ripper style). The generals were terrified that a Soviet sneak attack could kill all of those civilians and leave the Air Force unable to retaliate against the dirty Reds. Using a non-secret code complied with the letter of the order while still keeping the control that they wanted. I'm actually impresse

00000000 is just as random as any other code. My grandfather used to play 1-2-3-4-5-6 in the lottery, and when someone would point out that that number would never come up, he'd gleefully educate that person on probability.

Besides, the code that WOPR was trying to crack was a 12-digit alphanumeric string of the style JPE-1704-TKS.

Off-topic, but note that playing an easily remembered set of numbers (not just 1-2-3-4-5-6, any set of numbers that you'll recognize) is bad for several reasons. One reason is that numbers which are special to you have a high probability of being special to someone else. The expected result of playing those numbers in a lottery is therefore lower than for other numbers. There are probably hundreds if not thousands of smartasses like your grandfather with whom he would have had to split the jackpot in case those numbers came up. Another important reason is that, however unlikely it is to have your special numbers come up, it is not impossible. When they do come up and just that time you didn't play, you'll kick your own arse for the rest of your life. This risk is a strong motivation to keep playing, which can lead to gambling addiction. So to lower your risk of getting addicted to gambling, don't ever bet on the same numbers.

so the expected payout is lower - the max payout is definitely lower by orders of magnitude, therefore it is stupid to play those numbers and omgwtf stupid if you're using those numbers to educate people on probabilities and expected outcomes. if you take into account the fact that on any given lottery where you can choose the numbers 1-2-3-4-5-6.. is the most played and any big lottery would have 100 players playing those numbers then if you do the math on the expected return vs. any other number combinati

"Not being so hot at maths" doesn't follow. It's easier to remember your lottery numbers if you never change them. Then it only takes a second to check whether you've won because the numbers are in your head as well as on the ticket.

You (incorrectly) assume all expected values are the same (a linear relationship between EV $1 and EV $10, and a low-probability EV $1 is the same as a high probability EV $1). That, and the EV of a rollercoaster ride is negative, but people still do it. If amusement park patrons were smart at math, they'd not waste their money on admission.

00000000 is just as random as any other code. My grandfather used to play 1-2-3-4-5-6 in the lottery, and when someone would point out that that number would never come up, he'd gleefully educate that person on probability.

A pity that those numbers never came; then he and thousands of other "I understand probability" blowhards might have actually learned something. The object in the lottery is not just to pick the winning numbers, but also to share the jackpot with as few others as possible. 1-2-3-4-5-6 is, in fact, the worst possible choice.

"00000000 is just as random as any other code"
"Except that you can lean on the button pad and enter it by mistake. Bye Bye world."
Or a short develops - in a button that's used underground or on a submarine.

Where your Grandpa's lottery ticket is concerned he's correct, or should be if the lotto is truly random.

Humans picking numbers though are not good sources of random. People tend to do things like choose 0000000, 1111111, 12345..., because they are easy to remember. They also often pick numbers such that the first pairs of digits might represent a valid date because it's their dog's birthday or whatever. Knowing this means you try the list of common patterns first (dictionary), then you try the smaller key spa

If you run a prng and reject any combination with less than 4 distinct digits, you're likely to have a combination in a small number of attempts, most usually 1. Calculate the likelihood of a prng producing ten combinations in a row that have less than 4 distinct digits. (For an 8 digit code it's say, 1/10000 or about that, and decreases by a factor of sqrt(10) for each additional digit, something like that).

Eliminating repeated digits and sequences can significantly reduce the search space. A security policy that requires a 4-digit PIN with no repeats or sequential digits eliminates about 35% of the possible PINs.
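As an added example (not part of the thread and not any commenter's code), this Python sketch counts how much of the code space a composition policy removes, for the 4-digit PIN rules and the "fewer than 4 distinct digits" rejection filter discussed above. The rule definitions are assumptions, since the comments do not define "repeats" or "sequential", and the fraction eliminated depends on which reading is chosen.

```python
from itertools import product
from math import comb, log2

def surviving(length, rule):
    """Brute-force count of digit strings of `length` accepted by `rule`."""
    return sum(1 for code in product(range(10), repeat=length) if rule(code))

# Three possible readings of a "no repeats / no sequences" PIN policy (assumed).
def no_adjacent_repeat(code):
    return all(a != b for a, b in zip(code, code[1:]))

def no_adjacent_repeat_or_step(code):
    # Neighbouring digits may not be equal or differ by exactly 1 (12, 21, ...).
    return all(abs(a - b) > 1 for a, b in zip(code, code[1:]))

def all_digits_distinct(code):
    return len(set(code)) == len(code)

def codes_with_exactly_k_distinct(length, k):
    """Closed form: pick k digits, then count surjections of positions onto them."""
    surjections = sum((-1) ** j * comb(k, j) * (k - j) ** length
                      for j in range(k + 1))
    return comb(10, k) * surjections

def rejected_fraction(length, min_distinct):
    """Share of all codes a 'at least min_distinct digits' filter throws away."""
    rejected = sum(codes_with_exactly_k_distinct(length, k)
                   for k in range(1, min_distinct))
    return rejected / 10 ** length

def bits_lost(total, kept):
    """Entropy given up by the policy, assuming uniform choice among kept codes."""
    return log2(total) - log2(kept)

if __name__ == "__main__":
    total = 10 ** 4
    for name, rule in [("no adjacent repeat", no_adjacent_repeat),
                       ("no adjacent repeat or +/-1 step", no_adjacent_repeat_or_step),
                       ("all four digits distinct", all_digits_distinct)]:
        kept = surviving(4, rule)
        print(f"{name:34s} kept {kept:5d}  eliminated {1 - kept / total:6.1%}  "
              f"lost {bits_lost(total, kept):.2f} bits")
    frac = rejected_fraction(8, 4)
    print(f"8-digit codes with fewer than 4 distinct digits: {frac:.4%} of the space")
```
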

The best example to be aware of in the UK Lotto, referred to here: http://news.bbc.co.uk/1/hi/sci/tech/240734.stm

"The remarkable draw on 14 November 1995 when 133 tickets shared the £16 million jackpot prize is a clear example of the effects the team had deduced.

The winning numbers were 7, 17, 23, 32, 38, 42 and 48, all of which lie in central columns of the ticket, and the players won only £120,000 each. The average number of jackpot winners is five and the average amount won is £2 million."

This illustrates the difference picking common combinations can make. Once a presenter told you how much you'd win if you did the 1-2-3-4-5-6 thing: only a few thousand! (While only a small minority have this 'clever' thought, it's enough to elevate the number of entries with 1-2-3-4-5-6 to significantly more than a typical combination.)

This is an example of "begging the question". "Randomness" is not a property of a number, it is a property of a sequence.

This sounds like splitting hairs, but it actually makes a lot of confusing things clearer if instead of asking "Is this number random?" you ask "Was this number produced by a process that generates a random sequence?"

Let's take the example of a combination. "0000000" is just as random as "3115435", but "0000000" was generated by a process which spits out easily keyed-in, easy-for-humans-to-remember numbers. In other words it's generated by a process that is biased towards spitting out numbers like "0000000" and "1234567".

True but irrelevant. The point of having the code was so that the launch decision was not available to whoever happened to be in the hole with the missile. By setting the code to a predetermined number they effectively gave the decision regarding whether to start WWIII to some random guy out in the field. All it would have taken was one or two crazy or misinformed people.

In particular because there is no central computer control. The military has always been real big about having humans in the chain, which is why this code isn't a big deal. It still required the two guys in the silos to turn their keys. There isn't any "OMG we hax the missiles!" shit that can go on. At the end of the day, only the operators in the silos can trigger a launch, it isn't on a network.

Same general deal in planes and so on. Like when a modern bombing mission is conducted, all the stuff is uploaded in to the computers beforehand, flight plan, targeting data, all that. The pilot is told on his HUD a countdown to when to release the bombs. Hitting the button doesn't release them either, the plane's computers decide when it is actually best to release. So what does it do? Allows the plane to release. If the pilot doesn't trigger, it can't drop, no matter if it thinks it should. The human is the final deciding factor.

Maybe the military will change their mind some day as automation increases, but for now they are real, real big on having a human have to be the final factor.

I saw some idiot claim that people just do not understand probability theory and state that in effect 00000000 is just as secure as 737474757. I would call him ignorant of hacking. What does one start with when cracking password protected systems? . . . a dictionary of common crap people use, like "000000000", "1111111111", "101010101010", "007007007007".

ISIS headquarters makes fort knox look like a gingerbread house. Only two means
of ingress. The first, at street level, impenetrable after six. The second
through an access door on the roof, inexplicably unprotected. But even if you
ziplined across.. reach the access door, and somehow made it into ISIS
headquarters, you'd still have to find the mainframe. But wait, it gets worse.
Inside there are three countermeasure systems. The first is pressure sensitive,
in the floor. Even a mouse triggers it. T

Or a short pulse is generated by a shorting circuit making a 0 0 0 0 0 0 0... which gets to a count of 8 of them. BOOM!

This is actually far from hypothetical. Quoting Lee Earnest (http://www.stanford.edu/~learnest/gump.htm):

In 1960, I somehow was assigned the responsibility of leading a study group to get approval for putting nuclear warheads on the second-generation BOMARC ground-to-air missiles. This involved proving to a government nuclear safety board in Albuquerque, New Mexico, that the probability of

Maybe it is. Seriously, imagine that you have just broken into a missile launch complex and are trying to guess the combo. Would 00000000 really be one of the first you would try?

More seriously, nuclear launch is too important for passwords of any kind. If some reasonable set of people know the password you can threaten or torture it out of them - a minor effort compared to breaking the physical security around a launch complex. Remember it's not like you can remotely log in to the launch computer for a Tit

Maybe it is. Seriously, imagine that you have just broken into a missile launch complex and are trying to guess the combo. Would 00000000 really be one of the first you would try?

Since this isn't news (and we've discussed it here before) yes, yes I would try all zeroes. I'd also try all ones, 1-whatever, whatever-1, 0-whatever, etc. on the assumption that whoever initially implemented the password knew as much about security as you do, and due to the vagaries of government contracts it was never changed.

At one place I worked, the marketing director had arrived at work, but had forgotten her alarm code. So, she typed in "123456". The system seemingly disarmed, and she went to her office.

Very shortly after, the police arrived. What she didn't know was that criminals trying that code first was so common that the alarm company dispatched police immediately when it was used, figuring that someone using it was trying to break in. Needless to say she was more than a little upset after everything was straightened out...;-)

That's a good idea to provide a code like that in case you are compelled to reveal the code under duress. Suppose that you were taken hostage, and the HT threatened you with harm unless you revealed the security code. You could tell them "123456", and they would get off your back, but when they tried to use it, BAM - Here come the cops.

However, if I was the HT in this case, and the hostage told me the code was "123456", I would slap them, just on principle.

And since no one read TFA.. I'll just point out that the code was on the checklist... Written in plain sight.

Our launch checklist in fact instructed us, the firing crew, to double-check the locking panel in our underground launch bunker to ensure that no digits other than zero had been inadvertently dialed into the panel.

Depends on which level you label the "code". The way the PAL worked was that the firing parameters were stored encrypted, and the code entered was used as a decryption key. Bad code, random firing sequence (and a fizzle).

well... at least it's not as confusing as having the password be "password"

General: the deactivation password is "password"
Operator: what's the password...
General: "I said... the deactivation password is PASSWORD"
Operator: ok but what's the password.......
General: "The....."; oops too late

I'd like to think that if you ever got to the point where you were in front of something that would accept a password to launch a nuclear strike, and you WEREN'T one of the people authorised to know the passwords, it's game over anyway.

The only thing that device can do is send an electrical signal to something - if you've got that far, especially in the era mentioned - chances are you just insert that signal directly without having to worry about the Password? prompt anyway.

The book Command and Control by Eric Schlosser goes into the issues of the cold war control of our nukes in a wonderful way, detailing just how messed up our control of nukes was and how we are damn lucky that we didn't have an accidental nuclear detonation at some point (there were plenty of accidental conventional detonations that by sheer luck didn't have a nuclear core in them).

Nuclear weapons are "always/never" devices in that they should always work when you want them to and never work when you don't. The military only cared about the "always" side of the equation. So much so that they even nixed the idea of an inertial switch in the fusing mechanism of the reentry vehicles of ICBMs that would only connect the detonation systems after detecting the g-forces of reentry.

Further, any suggestion of improving the control of the nukes was met with grumpy rage at civilians daring to tell the military how to run its business as well as fights between the Air Force, Army, and Navy over funding and power.

Then on top of that it misses the point, that if you're trying to prevent people from starting WW3 on their own initiative, you don't let them choose the password. You should have the bomb builders set it. Bomb building was always kept carefully separate from the military.

During the Cold War PALs weren't intended to prevent people from starting WWIII... They were meant to prevent the use of weapons that had fallen into unfriendly hands. (Which is why the codes were set to all balls in the missile silos, and why SSBNs didn't have them.)

During the Cold War PALs weren't intended to prevent people from starting WWIII... They were meant to prevent the use of weapons that had fallen into unfriendly hands. (Which is why the codes were set to all balls in the missile silos, and why SSBNs didn't have them.)

That's flat-out wrong. They absolutely were intended to prevent a rogue launch, and were mandated by the president of the US at the time, JFK, because he specifically wanted to prevent anyone in the military from being able to launch without his order. That the passwords were all set to "all balls", and that that code was the one that was always dialed in, was direct defiance of the order from the commander-in-chief, by military officers who resented that exercise of the president's authority.

Nope, it's the flat-out truth. You're just repeating what's become urban legend since the story first broke a decade ago.

They absolutely were intended to prevent a rogue launch, and were mandated by the president of the US at the time, JFK, because he specifically wanted to prevent anyone in the military from being able to launch without his order.

Note we are not talking about straight launch codes (the envelopes etc.) This was an additional safeguard, a component in the message link (as in un-squelch) layer between SAC and silo.

I learned of this years ago, and since I've tracked the sentiment and reaction to it. How we thoughtfully react to this idea might be crucial to our survival and evolution as a species. Why? It hinges on personal responsibility. Time and again it is portrayed as a farce, a madcap circus-like adventure in the absurd. Or sternl

But the password to my email has to be sixteen characters, with at least one upper case, one lower case, a number, a symbol, an umlaut, a character from the pinyin alphabet, and one of those Arabic squiggles. Assholes.

Oh, and Jimmy Carter once sent his jacket to the dry-cleaner with a paper with the detonation codes still in one of the pockets. Just so you don't have to write a 'news article' on that in the near future... I got both pieces of info via QI (Quite Interesting), which is normally considered a quiz, but for the author it is probably a news show...